Captcha In Web Security
8/2/2019 Captcha In Web Security
1/36
Captcha In Web Security: Secure or Not?
Presented By Abhishek Sharma
(08CE04)
How a CAPTCHA Looks
(Figure: CAPTCHA used by Google)
CAPTCHA : The Acronym
Completely Automated Public Turing Test to Tell Computers and Humans Apart
CAPTCHA : Literal Meaning
Completely : Whole
Automated : Made by Machine
Public : Universally Known
Turing Test to Tell : Test Presented by Alan Turing
Computers and Humans Apart
Contents
Introduction
History
The Need of CAPTCHA
Basic Terminologies
Earlier CAPTCHAs
How does a CAPTCHA work?
Types of CAPTCHA
Implementation of CAPTCHA
Can CAPTCHA be broken?
CAPTCHA Guidelines
Applications
Benefits of CAPTCHA
Limitations of CAPTCHA
Conclusion
Introduction
A CAPTCHA is a type of challenge-response test used in computing in an attempt to determine whether the response is generated by a person or by a computer.
It is needed because activities such as online commerce transactions, search engine submissions, Web polls, Web registrations, free e-mail service registration and other automated services are subject to abuse by software programs, or bots.
CAPTCHA : History
1997: Andrei Broder at AltaVista wanted to prevent bots from automatically submitting sites for indexing.
He decided to add a test to the submission page.
He reversed Brother scanner OCR optimization techniques.
2000: Luis von Ahn, Manuel Blum & John Langford at CMU trademarked CAPTCHA.
Yahoo partnered with CMU to counter these threats in its Messenger chat service.
CAPTCHA : The Basic Needs
In 1999, slashdot.org issued an online poll asking users to pick the best computer science school in the US.
Students at MIT and Carnegie Mellon University created voting bots to vote for their school multiple times.
MIT finished with 21156 votes and Carnegie Mellon finished with 21032 votes.
All other schools finished with less than 1000 votes.
This proved that online polls could not be trusted unless they ensured that only humans could vote.
In September 2000, Yahoo! reported that bots were entering their online chat rooms & pointing legitimate users to advertising sites.
CAPTCHA : The Basic Needs
Yahoo! turned to CMU to help them solve their problem.
Luis von Ahn, Manuel Blum, Nicholas Harper, and John Langford developed CAPTCHA.
They determined that CAPTCHAs should:
1. Present challenges that are automatically generated and graded.
2. Be simple enough to be taken quickly and easily by humans.
3. Accept virtually all human users and reject few.
4. Reject virtually all machine users.
5. Resist automatic attacks for many years to come.
CAPTCHA : Terminologies
Bots
Turing Test
Challenge Response Test
Spam
Terminologies : BOTS
A bot is a software program on the Internet. It is a software agent that interacts with network services intended for people as if it were a real person.
Types of Bot:
1. Voting Bots
2. Email Account Registration Bots
3. Email Spam Bots
Terminologies : Turing Test
The mathematician Alan Turing imagined a game with three players. One is the interrogator, who has to find out which of the other two is the machine.
What is a Turing test?
Its purpose is to test a machine's level of intelligence.
A human judge asks questions of two participants, one of which is a machine; the judge doesn't know which is which.
If the judge can't tell which is the machine, the machine passes the test.
CAPTCHA employs a reverse Turing test: judge = CAPTCHA program, participant = user.
If the user passes the CAPTCHA, the user is human.
If the user fails, it is a machine.
Terminologies : Challenge Response Test & Spam
What is a Challenge Response Test?
A challenge-response test is a test involving a set of questions (or "challenges") that the person or other entity has to answer in order to pass the test. If the person or entity provides an adequate response to the challenges, then it is deemed that this person or entity has passed the test.
What is SPAM?
Spamming is the act of sending unwanted electronic messages in bulk. In the popular eye, the most common form of spam is that delivered in e-mail as a form of commercial advertising.
Sending bulk messages in this fashion, to recipients who have not desired them, has come to be known as spamming, and the messages themselves as spam.
CAPTCHA : Earlier Design
Gimpy: A puzzle consists of a display of ten distorted and overlapping words chosen at random from a dictionary of simple words.
Solving the puzzle requires the user to identify only three of the ten words and to type them into the box provided.
(Figure: a Gimpy puzzle)
CAPTCHA : How Does It Work?
A CAPTCHA image is chosen at random for the web page from a stored database whose records have two attributes: one is the image and the other is the key associated with that image. When the user has entered the letters in the textbox provided, these letters are matched against the secret key. If the key matches, the user is redirected to the next page; otherwise a new CAPTCHA image is displayed and the same process is repeated.
CAPTCHA : Different Types of CAPTCHAs
Text Based CAPTCHA
Graphic Based CAPTCHA
Gimpy CAPTCHA
E-Z Gimpy CAPTCHA
Audio Based CAPTCHA
reCAPTCHA and book digitization
CAPTCHA : Text Based CAPTCHA
Simple, normal language questions:
What is the sum of three and thirty-five?
If today is Saturday, what is the day after tomorrow?
Which of mango, table, water is a fruit?
Very effective, but needs a large question bank.
Cognitively challenged users find it hard.
Types of Text Based CAPTCHA:
Printed CAPTCHA
H-CAPTCHA
Text Based CAPTCHA : Printed CAPTCHA
Printed CAPTCHA is difficult to break.
Lots of algorithms are available to generate these.
Humans cannot identify these very easily.
There are two major types: Baffle Text and Pessimal Print.
Baffle Text Based CAPTCHA
Developed by Monica Chew and Henry Baird.
Uses pronounceable English character strings, with masking, that are not present in the English dictionary.
Pessimal Print Image CAPTCHA
Developed by Allison Coates, Henry Baird and Richard Fateman.
Uses a degradation model simulating the physical defects caused by printing and scanning of printed text.
CAPTCHA : Graphic Based CAPTCHA
BONGO
1. A visual recognition problem.
2. Two sets of shapes with a distinguishing characteristic.
3. Must choose which set the shape belongs to.
PIX
A database of labeled images of recognizable objects.
Randomly chooses an object and displays N pictures of it.
Must correctly identify the object.
Pictures are distorted.
Image based CAPTCHA.
http://gs264.sp.cs.cmu.edu/cgi-bin/esp-pix
CAPTCHA : Gimpy CAPTCHA
Gimpy CAPTCHA:
Designed by Yahoo and CMU.
Picks 10 random words from a dictionary, distorts them and fills the image with noise.
The user has to recognize at least 3 words.
If the user is correct, he is admitted.
(Figure: an example of Gimpy)
CAPTCHA : E-Z Gimpy CAPTCHA
EZ-Gimpy CAPTCHA:
A modified version of Gimpy.
Yahoo used this version in Messenger.
Has only 1 random string of characters.
Not a dictionary word, so not prone to dictionary attack.
Not a good implementation, already broken by OCRs.
CAPTCHA : Audio Based CAPTCHA
Audio CAPTCHAs:
Consist of a downloadable audio clip.
The user listens and enters the spoken word.
Helps visually disabled users.
Not popular.
(Figure: Google's audio-enabled CAPTCHA)
CAPTCHA : reCAPTCHA & Book Digitization
Verify digitized books: reCAPTCHA
Used in the Google Books Project.
Two words are shown; the program knows the first word.
If the user enters the first word correctly, it assumes that the second, unknown word will also be entered correctly.
The second word becomes known.
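The two-word scheme above as an added example, not part of the original slides and not reCAPTCHA's own code: only the known control word is graded, and readings of the unknown word are collected until enough of them agree. The agreement threshold of 3, the image ids and all names are assumptions.

```python
from collections import Counter, defaultdict

PROMOTE_AFTER = 3  # assumed number of agreeing readings; the slides give no figure


def normalize(text):
    """Case-fold and collapse whitespace so 'Inquiry ' and 'inquiry' agree."""
    return " ".join(text.lower().split())


class WordPairGrader:
    """Grades a two-word challenge: one control word, one unknown word."""

    def __init__(self, known_words):
        self.known = dict(known_words)     # image id -> verified text
        self.votes = defaultdict(Counter)  # image id -> readings seen so far

    def grade(self, control_id, unknown_id, control_answer, unknown_answer):
        """Return True if the user passes. Only the control word is graded."""
        if normalize(control_answer) != normalize(self.known[control_id]):
            # Failed the known word: reject, and discard the second reading too,
            # since nothing suggests a human typed it.
            return False
        reading = normalize(unknown_answer)
        if reading and unknown_id not in self.known:
            self.votes[unknown_id][reading] += 1
            text, count = self.votes[unknown_id].most_common(1)[0]
            if count >= PROMOTE_AFTER:
                # "Second word becomes known": it can now serve as a control word.
                self.known[unknown_id] = text
                del self.votes[unknown_id]
        return True


if __name__ == "__main__":
    # Constructed sample data: img-1 is already verified, img-2 is not.
    grader = WordPairGrader({"img-1": "overlooks"})
    for typed in ["inquiry", "inqu1ry", "Inquiry", "inquiry"]:
        grader.grade("img-1", "img-2", "overlooks", typed)
    print(grader.known)
```

Because the unknown word is never graded, a single submission can contain anything in that field; requiring several matching readings keeps one careless or automated answer from being stored as the verified text.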
CAPTCHA : Implementation & Creation
Creating a CAPTCHA in different ways:
1. One way to create a CAPTCHA is to pre-determine the images and solutions it will use. This approach requires a database that includes all the CAPTCHA solutions, which can compromise the reliability of the test.
2. A CAPTCHA can be created from an image and some characters by applying effects to them, such as blurring and distortion.
3. One can make his or her own CAPTCHA for a web forum by using a randomizing function that generates strings at random.
4. A CAPTCHA might include a series of shapes and ask the user which shape among several choices would logically come next. The problem with this approach is that not all humans are good with these kinds of problems, and the success rate for a human user can go below 80 percent.
CAPTCHA : Implementation
There are two basic implementations of CAPTCHA for a Website or Web forum.
1. Embeddable CAPTCHAs: The easiest implementation of a CAPTCHA on a Website is to insert a few lines of CAPTCHA code into the Website's HTML code, from an open source CAPTCHA builder, which will provide the authentication services remotely. Most such services are free. Popular among them is the service provided by www.captcha.net's reCAPTCHA project.
2. Custom CAPTCHAs: These are less popular because of the extra work needed to create a secure implementation. Still, they are popular among researchers who verify existing CAPTCHAs and suggest alternative implementations.
CAPTCHA : Can CAPTCHA Be Broken?
The answer to this question is: YES!
Given enough effort, absolutely every CAPTCHA algorithm can be broken.
CAPTCHA : Breaking A CAPTCHA
A very popular method used for breaking a CAPTCHA is OCR (Optical Character Recognition).
Most text based CAPTCHAs have been broken by computer character recognition software.
Other CAPTCHAs were broken by streaming the tests for unsuspecting users to solve.
Breaking A CAPTCHA : Computer Character Recognition
A number of research projects have attempted (often with success) to beat visual CAPTCHAs by creating programs that contain the following functionality:
1. Pre-processing
2. Segmentation
3. Classification
Computer Character Recognition : Step By Step Process
Pre-processing
Application of algorithms to remove the effects of distortion, blurring, clutter, background noise, etc.
Easy problem for computers to solve.
Segmentation
Splitting the image into regions which each contain a single character.
Complex and computationally expensive.
Character Recognition
OCR software is used to identify the characters.
CAPTCHA : Guidelines For CAPTCHA
Accessibility
All users need to have access to the protected site.
For example, visually-impaired users need audio CAPTCHAs.
Image Security
Images must be secure enough to prevent OCR-based attacks.
Random and thorough distortion techniques.
Script Security
Programs must be secure as well.
Passwords passed in encrypted text.
Destroy sessions after a CAPTCHA is solved.
Security After Widespread Adoption
Large pool of dictionary words or images.
Phonetic generators and nonsense words.
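The flow from the "How does it work?" slide combined with the Script Security guideline above (destroy sessions after a CAPTCHA is solved), as an added example that is not part of the original slides. It goes one step further than the guideline by destroying the challenge after any attempt, pass or fail; the class and function names, the alphabet and the 120-second lifetime are assumptions.

```python
import hmac
import secrets
import time

# Constructed alphabet with look-alike glyphs (0/O, 1/I) left out; an assumption.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"
TTL_SECONDS = 120  # assumed lifetime of one challenge


class CaptchaStore:
    """Server-side table of pending challenges: challenge id -> (key, expiry)."""

    def __init__(self, clock=time.monotonic):
        self._pending = {}
        self._clock = clock

    def issue(self, length=6):
        """Create a fresh random challenge. Only the id is sent to the browser."""
        answer = "".join(secrets.choice(ALPHABET) for _ in range(length))
        challenge_id = secrets.token_urlsafe(16)
        self._pending[challenge_id] = (answer, self._clock() + TTL_SECONDS)
        return challenge_id, answer  # the answer goes to the image renderer only

    def verify(self, challenge_id, response):
        """Grade one response. The challenge is removed on every attempt."""
        entry = self._pending.pop(challenge_id, None)  # single use
        if entry is None:
            return False  # unknown id, or a replay of a used challenge
        answer, expires_at = entry
        if self._clock() > expires_at:
            return False  # solved too late
        given = response.strip().upper().encode()
        # Constant-time comparison of the typed letters with the secret key.
        return hmac.compare_digest(given, answer.encode())


def handle_submission(store, challenge_id, response):
    """Match -> go to the next page; mismatch -> show a new CAPTCHA."""
    if store.verify(challenge_id, response):
        return {"action": "redirect", "challenge_id": None}
    new_id, _ = store.issue()
    return {"action": "show_captcha", "challenge_id": new_id}


if __name__ == "__main__":
    store = CaptchaStore()
    cid, answer = store.issue()
    print(handle_submission(store, cid, answer))   # redirect
    print(handle_submission(store, cid, answer))   # replay: new CAPTCHA shown
```

Removing the entry on failure as well means a client cannot keep guessing against one image, and a solved challenge id cannot be submitted a second time.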
CAPTCHA : Guidelines For CAPTCHA
Security from OCR is achieved by randomness:
Making the letters wiggly:
Adding noise or lines:
Using a messy background:
Crowding or blending letters:
Segmenting characters:
Varying font thickness, color:
CAPTCHA : Applications Of CAPTCHA
1. Online polls
2. Protecting Web registration
3. Preventing comment spam
4. Search engine bots
5. E-Ticketing
6. Email spam
7. Preventing dictionary attacks
8. As a tool to verify digitized books
9. Improving Artificial Intelligence (AI) technology
CAPTCHA : Benefits of CAPTCHA
Using a CAPTCHA significantly narrows the number of potential attackers on your website. CAPTCHA images ensure that not every beginner hacker can attack your web forms.
You can always change the algorithm used if the previous one is broken. It's highly unlikely that a hacker will spend his entire time trying to break new algorithms as you change them.
CAPTCHA : Limitations of CAPTCHA
CAPTCHA is not a 100% solution for all problems such as bots and spam.
CAPTCHA can be broken:
1. Using computer character recognition software.
2. Using cheap human labor to process the test.
CAPTCHA : Conclusion
As with all security solutions, risk can only be decreased; there is no such thing as a single security measure that is 100% safe. But the presence of a CAPTCHA is always necessary when you need to enhance the stability and security of any web service or application.
So a CAPTCHA is a technique that can generate and grade tests that a human can pass very easily but that are not so easy for any computer or software program.
! QUERIES !